HARDWARE-ASSISTED GUEST ADDRESS SPACE SCANNING IN A VIRTUALIZED COMPUTING SYSTEM

    Publication number: US20190026232A1

    Publication date: 2019-01-24

    Application number: US15655182

    Application date: 2017-07-20

    Applicant: VMware, Inc.

    Abstract: An example method of scanning a guest virtual address (GVA) space generated by a guest operating system executing in a virtual machine of a virtualized computing system includes setting, in a scan of the GVA space by a hypervisor that manages the virtual machine, a current GVA to a first GVA in the GVA space; executing, on a processor allocated to the virtual machine, an address translation instruction, which is in an instruction set of the processor, to perform a first address translation of the current GVA; reading a register of the processor to determine a first error resulting from the first address translation; determining, in response to the first error, a level of a faulting page table in a first page table hierarchy generated by the guest operating system; and setting the current GVA to a second GVA based on the level of the faulting page table.

    METHOD FOR SWITCHING ADDRESS SPACES VIA AN INTERMEDIATE ADDRESS SPACE

    Publication number: US20190004965A1

    Publication date: 2019-01-03

    Application number: US15639800

    Application date: 2017-06-30

    Applicant: VMware, Inc.

    Abstract: A method of re-mapping a boot loader image from a first to a second address space includes: determining a difference in a virtual address of the boot loader image in the first and second address spaces; building page tables for a third address space that maps a code section within the boot loader image at first and second address ranges separated by the difference and the code section causes execution to jump from a first instruction in the first address range to a second instruction in the second address range; executing an instruction of the code section in the first address space using page tables for the first address space; executing the first instruction and then the second instruction using the page tables for the third address space; and executing an instruction of the boot loader image in the second address space using page tables for the second address space.

    34. IMPLEMENTING PER-PROCESSOR MEMORY AREAS WITH NON-PREEMPTIBLE OPERATIONS USING VIRTUAL ALIASES

    Type: Patent application

    Status: Under examination (published)

    Publication number: US20170060765A1

    Publication date: 2017-03-02

    Application number: US14838541

    Application date: 2015-08-28

    Applicant: VMware, Inc.

    Abstract: A computer system provides a mechanism for assuring a safe, non-preemptible access to a private data area (PRDA) belonging to a CPU. PRDA accesses generally include obtaining an address of a PRDA and performing operations on the PRDA using the obtained address. Safe, non-preemptible access to a PRDA generally ensures that a context accesses the PRDA of the CPU on which the context is executing, but not the PRDA of another CPU. While a context executes on a first CPU, the context obtains the address of the PRDA. After the context is migrated to a second CPU, the context performs one or more operations on the PRDA belonging to the second CPU using the address obtained while the context executed on the first CPU. In another embodiment, preemption and possible migration of a context from one CPU to another CPU is delayed while a context executes non-preemptible code.

    35. EXPOSING MEMORY-MAPPED IO DEVICES TO DRIVERS BY EMULATING PCI BUS AND PCI DEVICE CONFIGURATION SPACE

    Type: Patent application

    Status: Under examination (published)

    Publication number: US20160378696A1

    Publication date: 2016-12-29

    Application number: US14754569

    Application date: 2015-06-29

    Applicant: VMware, Inc.

    CPC classification number: G06F13/1694 G06F13/4282

    Abstract: Devices are emulated as PCI devices so that existing PCI drivers can be used for the devices. This is accomplished by creating a shim PCI device with an emulated PCI configuration space, accessed via an emulated PCI Extended Configuration Access Mechanism (ECAM) space which is emulated by accesses to trapped unbacked memory addresses. When system software accesses the PCI ECAM space to probe for PCI configuration data or program base address registers of the PCI ECAM space, an exception is raised and the exception is handled by a secure monitor that is executing at a higher privilege level than the system software. The secure monitor in handling the exception emulates the PCI configuration space access of the emulated PCI device corresponding to the ECAM address accessed, such that system software may discover the device and bind and appropriately configure a PCI driver to it with the right IRQ and memory base ranges.

    36. HYPERVISOR CONTEXT SWITCHING USING A TRAMPOLINE SCHEME IN PROCESSORS HAVING MORE THAN TWO HIERARCHICAL PRIVILEGE LEVELS

    Type: Patent application

    Status: Granted

    Publication number: US20150370590A1

    Publication date: 2015-12-24

    Application number: US14312175

    Application date: 2014-06-23

    Applicant: VMware, Inc.

    CPC classification number: G06F9/45558 G06F9/48 G06F2009/45587

    Abstract: In a virtualized computer system operable in more than two hierarchical privilege levels, components of a hypervisor, which include a virtual machine kernel and virtual machine monitors (VMMs), are assigned to different privilege levels. The virtual machine kernel operates at a low privilege level to be able to exploit certain features provided by the low privilege level, and the VMMs operate at a high privilege level to support execution of virtual machines. Upon determining that a context switch from the virtual machine kernel to a VMM is to be performed, the computer system exits the low privilege level, and enters the high privilege level to execute a trampoline that supports context switches to VMMs, such as state changes, and then the VMM. The trampoline is deactivated after execution control is switched to the VMM.
